urlscan.io logo urlscan.io
SecurityTrails logo

web.bfa.gob.sv Open in urlscan Pro
190.5.129.22  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://web.bfa.gob.sv/
Effective URL: https://web.bfa.gob.sv/bfanetbanking/
Submission: On October 30 via manual from GT — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 2 domains to perform 17 HTTP transactions. The main IP is 190.5.129.22, located in San Salvador, El Salvador and belongs to ICOMSA S.A. de C.V., SV. The main domain is web.bfa.gob.sv.
TLS certificate: Issued by DigiCert EV RSA CA G2 on April 4th 2023. Valid for: a year.
This is the only time web.bfa.gob.sv was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 190.151.179.195 27708 (GCA Telecom)
1 17 190.5.129.22 16592 (ICOMSA S....)
1 1 40.69.201.11 8075 (MICROSOFT...)
1 1 23.35.236.5 16625 (AKAMAI-AS)
1 23.35.236.65 16625 (AKAMAI-AS)
17 2
1    190.151.179.195 (San Salvador, El Salvador)

ASN27708 (GCA Telecom, SV)
PTR: portal.explora.com.sv.179.151.190.in-addr.arpa
web.bfa.gob.sv
17    190.5.129.22 (San Salvador, El Salvador)

ASN16592 (ICOMSA S.A. de C.V., SV)
PTR: ip190-5-129-22.intercom.com.sv
web.bfa.gob.sv
1    40.69.201.11 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
seal.websecurity.norton.com
1    23.35.236.5 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-5.deploy.static.akamaitechnologies.com
www.norton.com
1    23.35.236.65 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-65.deploy.static.akamaitechnologies.com
de.norton.com
Apex Domain
Subdomains		 Transfer
18 bfa.gob.sv
web.bfa.gob.sv
394 KB
3 norton.com
seal.websecurity.norton.com — Cisco Umbrella Rank: 91459
www.norton.com — Cisco Umbrella Rank: 60347
de.norton.com
657 B
17 2
Domain Requested by
18 web.bfa.gob.sv 2 redirects web.bfa.gob.sv
1 de.norton.com web.bfa.gob.sv
1 www.norton.com 1 redirects
1 seal.websecurity.norton.com 1 redirects
17 4

This site contains no links.

Subject Issuer Validity Valid
web.bfa.gob.sv
DigiCert EV RSA CA G2		 2023-04-04 -
2024-04-13		 a year crt.sh

This page contains 1 frames:

Primary Page: https://web.bfa.gob.sv/bfanetbanking/
Frame ID: D421BBB28BFD51A495B2503F83EF0A02
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BFA en LĂ­nea

Page URL History Show full URLs

  1. http://web.bfa.gob.sv/ HTTP 302
    https://web.bfa.gob.sv/ HTTP 302
    https://web.bfa.gob.sv/bfanetbanking/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

94 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

2
IPs

3
Countries

394 kB
Transfer

424 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://web.bfa.gob.sv/ HTTP 302
    https://web.bfa.gob.sv/ HTTP 302
    https://web.bfa.gob.sv/bfanetbanking/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://seal.websecurity.norton.com/getseal?host_name=web.bfa.gob.sv&size=L&use_flash=NO&use_transparent=No&lang=es HTTP 301
  • https://www.norton.com/?host_name=web.bfa.gob.sv&size=L&use_flash=NO&use_transparent=No&lang=es HTTP 301
  • https://de.norton.com/?host_name=web.bfa.gob.sv&size=L&use_flash=NO&use_transparent=No&lang=es

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
web.bfa.gob.sv/bfanetbanking/
Redirect Chain
  • http://web.bfa.gob.sv/
  • https://web.bfa.gob.sv/
  • https://web.bfa.gob.sv/bfanetbanking/
7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
d249857f6e3d5b822b0faf36a4464ce4bc1ec9bcc561532045e1aa98f45ad9ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Encoding
gzip
Content-Type
text/html; charset=ISO-8859-1
Date
Mon, 30 Oct 2023 00:26:21 GMT
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-encoding
X-Frame-Options
SAMEORIGIN
X-Powered-By
BFA-APP
X-XSS-Protection
1; mode=block

Redirect headers

Connection
close
Location
https://web.bfa.gob.sv/bfanetbanking/
reset.css
web.bfa.gob.sv/bfanetbanking/themes/ 		1 KB
872 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/themes/reset.css
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
d13e6ffe6c53df681796099fbfb0294c206713c771a734896d10622d1eba0ed9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:21 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:10 GMT
Content-Encoding
gzip
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-encoding
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
login.css
web.bfa.gob.sv/bfanetbanking/themes/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/themes/login.css
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
cc22e0454712ba4553e19421299e53c278ce24e4bfcff23950ade09b559cc1c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:21 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:10 GMT
Content-Encoding
gzip
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-encoding
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
mensaje.css
web.bfa.gob.sv/bfanetbanking/themes/ 		1 KB
990 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/themes/mensaje.css
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
1ec9f93cae7a61beb3700102ccba3c9fd072b3620eb66848edea00f4d70cb2e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:10 GMT
Content-Encoding
gzip
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-encoding
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
font-awesome.css
web.bfa.gob.sv/bfanetbanking/themes/font-awesome/css/ 		28 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/themes/font-awesome/css/font-awesome.css
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
3fd46d25a89e9b7af5bb0897f36f0ac602adfa0a6666c52caf74c5bb63cc9a06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:10 GMT
Content-Encoding
gzip
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-encoding
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
sel.css
web.bfa.gob.sv/bfanetbanking/themes/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/themes/sel.css
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
dc33546b0cfd9d9379fd7b7f7e31749ed4bd48581ca0b88c472c747f8dda7670
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:10 GMT
Content-Encoding
gzip
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-encoding
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
jquery.min.js
web.bfa.gob.sv/bfanetbanking/scripts/ 		54 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/scripts/jquery.min.js
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
f862442d54bf6790ee4f0d931e9dca082fe40b1ac162f883708b0ef19f84e8bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:08 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
55290
X-XSS-Protection
1; mode=block
security.js
web.bfa.gob.sv/bfanetbanking/scripts/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/scripts/security.js
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
75561746b5093da5d0590443020fef2ca7244b2c2f5e5bbcd2ace3b0a64ae77f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:08 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
1562
X-XSS-Protection
1; mode=block
mensaje.js
web.bfa.gob.sv/bfanetbanking/scripts/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/scripts/mensaje.js
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
7f4f829684e0297b1e4db90c9eaa0f303eebdadbe16d03a8910d05de9818015a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:08 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
1363
X-XSS-Protection
1; mode=block
LogoBancaOnline.png
web.bfa.gob.sv/bfanetbanking/images/ 		80 KB
80 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://web.bfa.gob.sv/bfanetbanking/images/LogoBancaOnline.png
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
7505f63ebddb1f7b1d337d608be6028f9a1a4a2ea1b3796def953224b4107cde
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:04 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
81874
X-XSS-Protection
1; mode=block
/
de.norton.com/
Redirect Chain
  • https://seal.websecurity.norton.com/getseal?host_name=web.bfa.gob.sv&size=L&use_flash=NO&use_transparent=No&lang=es
  • https://www.norton.com/?host_name=web.bfa.gob.sv&size=L&use_flash=NO&use_transparent=No&lang=es
  • https://de.norton.com/?host_name=web.bfa.gob.sv&size=L&use_flash=NO&use_transparent=No&lang=es
0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://de.norton.com/?host_name=web.bfa.gob.sv&size=L&use_flash=NO&use_transparent=No&lang=es
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
H2
Server
23.35.236.65 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-65.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Mon, 30 Oct 2023 00:29:25 GMT
Server
AkamaiGHost
Location
https://de.norton.com/?host_name=web.bfa.gob.sv&size=L&use_flash=NO&use_transparent=No&lang=es
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Mon, 30 Oct 2023 00:29:25 GMT
Firefox_16.png
web.bfa.gob.sv/bfanetbanking/images/ 		871 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://web.bfa.gob.sv/bfanetbanking/images/Firefox_16.png
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
e69a85f412f448f2b2753f090d91d421dd35ff62a9a25bb95a3df25b5c7a2b95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:04 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
871
X-XSS-Protection
1; mode=block
Google_Chrome_16.png
web.bfa.gob.sv/bfanetbanking/images/ 		636 B
941 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://web.bfa.gob.sv/bfanetbanking/images/Google_Chrome_16.png
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
fb4b72a008f186120a3e1420a7836ed985a9728e93c8a75d6f6a6d74e531682f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:04 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
636
X-XSS-Protection
1; mode=block
cerrar.png
web.bfa.gob.sv/bfanetbanking/images/imagenes/mensajePopup/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://web.bfa.gob.sv/bfanetbanking/images/imagenes/mensajePopup/cerrar.png
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
4f7b9ebb5709eed80c5ed678b1b5d1d517bdb6e9dde7889047a6a984ffb63237
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:06 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
1572
X-XSS-Protection
1; mode=block
MontserratRegular.woff2
web.bfa.gob.sv/bfanetbanking/themes/MontserratRegular/ 		86 KB
87 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/themes/MontserratRegular/MontserratRegular.woff2
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/themes/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
e64fadce8079910240fad6c2addf34dda634811d06bb5cf76f9244eedefa31f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://web.bfa.gob.sv
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:10 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
88340
X-XSS-Protection
1; mode=block
fontawesome-webfont.woff
web.bfa.gob.sv/bfanetbanking/themes/font-awesome/font/ 		43 KB
43 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/themes/font-awesome/font/fontawesome-webfont.woff?v=3.2.1
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/themes/font-awesome/css/font-awesome.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
18e6b5ff511b90edf098e62ac45ed9d6673a3eee10165d0de4164d4d02a3a77f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://web.bfa.gob.sv
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:10 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
43572
X-XSS-Protection
1; mode=block
Montserrat-ExtraBold.woff
web.bfa.gob.sv/bfanetbanking/themes/Montserrat-ExtraBold/ 		108 KB
108 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web.bfa.gob.sv/bfanetbanking/themes/Montserrat-ExtraBold/Montserrat-ExtraBold.woff
Requested by
Host: web.bfa.gob.sv
URL: https://web.bfa.gob.sv/bfanetbanking/themes/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
190.5.129.22 San Salvador, El Salvador, ASN16592 (ICOMSA S.A. de C.V., SV),
Reverse DNS
ip190-5-129-22.intercom.com.sv
Software
/ BFA-APP
Resource Hash
d64ecad059cc518b08272a3a4c2c05a94ed62922e6671cbe09f741a8a1408897
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://web.bfa.gob.sv
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 00:26:22 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
no-referrer
Last-Modified
Tue, 20 Dec 2022 20:43:10 GMT
X-Powered-By
BFA-APP
X-Frame-Options
SAMEORIGIN
Accept-Ranges
bytes
Content-Length
110428
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery number| loremX23 function| salir function| continuar function| desactivar function| changeClasses function| vistaTokenValida function| alertarfb function| showLightbox function| hideLightbox function| devol function| obtenerMensajeParaNavegador

2 Cookies

Domain/Path Name / Value
web.bfa.gob.sv/ Name: JSESSIONID
Value: XBx9-XIuN-UdedG16HmkBw3hvVl8o97Vb_nMMFAlv2tjNzST6HxK!-605042763
web.bfa.gob.sv/ Name: YOMepDblknmaQ1cGtwG2uHnQGa1No9UGct-FtYScqQ2XRgTMCw__
Value: v1YN09JRKcMQL

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block